From: Henrik Nordstrom Date: Wed, 27 Jul 2011 01:41:00 +0000 (+0200) Subject: Reorder accel mode options a bit X-Git-Tag: take08~55^2~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f45065d1e2739f7780e864b1c152115c708faad;p=thirdparty%2Fsquid.git Reorder accel mode options a bit reorder http_port accel mode options to group URL reconstruction from other tuning options also update https_port to refer to http_port for other options to avoid duplicating. --- diff --git a/src/cf.data.pre b/src/cf.data.pre index 32e34c6796..7b55033137 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1292,9 +1292,7 @@ DOC_START connections using the client IP address. NP: disables authentication and maybe IPv6 on the port. - accel Accelerator mode. Using the HTTP/1.1 Host header for - virtual domain support. Also uses the port as specified - in Host: header unless overridden by the vport option. + accel Accelerator / reverse proxy mode ssl-bump Intercept each CONNECT request matching ssl_bump ACL, establish secure connection with the client and with @@ -1310,32 +1308,16 @@ DOC_START Accelerator Mode Options: - act-as-origin - Act as if this Squid is the origin server. - This currently means generate new Date: and Expires: - headers on HIT instead of adding Age:. - - allow-direct Allow direct forwarding in accelerator mode. Normally - accelerated requests are denied direct forwarding as if - never_direct was used. - - WARNING: this option opens accelerator mode to security - vulnerabilities usually only affecting in interception mode. - defaultsite=domainname What to use for the Host: header if it is not present in a request. Determines what site (not origin server) accelerators should consider the default. - ignore-cc Ignore request Cache-Control headers. - - WARNING: This option violates HTTP specifications if - used in non-accelerator setups. - no-vhost Disable using HTTP/1.1 Host header for virtual domain support. protocol= Protocol to reconstruct accelerated requests with. - Defaults to http://. + Defaults to http for http_port and https for + https_port vport Virtual host port support. Using the http_port number instead of the port passed on Host: headers. @@ -1343,6 +1325,25 @@ DOC_START vport=NN Virtual host port support. Using the specified port number instead of the port passed on Host: headers. + act-as-origin + Act as if this Squid is the origin server. + This currently means generate new Date: and Expires: + headers on HIT instead of adding Age:. + + ignore-cc Ignore request Cache-Control headers. + + WARNING: This option violates HTTP specifications if + used in non-accelerator setups. + + allow-direct Allow direct forwarding in accelerator mode. Normally + accelerated requests are denied direct forwarding as if + never_direct was used. + + WARNING: this option opens accelerator mode to security + vulnerabilities usually only affecting in interception + mode. Make sure to protect forwarding with suitable + http_access rules when using this. + SSL Bump Mode Options: @@ -1477,7 +1478,7 @@ TYPE: https_port_list DEFAULT: none LOC: Config.Sockaddr.https DOC_START - Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...] + Usage: [ip:]port cert=certificate.pem [key=key.pem] [mode] [options...] The socket address where Squid will listen for HTTPS client requests. @@ -1489,21 +1490,17 @@ DOC_START You may specify multiple socket addresses on multiple lines, each with their own SSL certificate and/or options. - Options: + Modes: - accel Accelerator mode. Also needs at least one of - defaultsite or vhost. + accel Accelerator / reverse proxy mode - defaultsite= The name of the https site presented on - this port. Implies accel. + Omitting the mode flag causes default forward proxy mode to be used. - vhost Accelerator mode using Host header for virtual - domain support. Requires a wildcard certificate - or other certificate valid for more than one domain. - Implies accel. - protocol= Protocol to reconstruct accelerated requests with. - Defaults to https. + See http_port for a list of generic options + + + SSL Options: cert= Path to SSL certificate (PEM format). @@ -1567,14 +1564,6 @@ DOC_START sslcontext= SSL session ID context identifier. - vport Accelerator with IP based virtual host support. - - vport=NN As above, but uses specified port number rather - than the https_port number. Implies accel. - - name= Specifies a internal name for the port. Defaults to - the port specification (port or addr:port) - DOC_END NAME: tcp_outgoing_tos tcp_outgoing_ds tcp_outgoing_dscp